@cloud-copilot/iam-lens

Visibility in IAM in and across AWS accounts

import {
  type EvaluationResult,
  type RunSimulationResults,
  type Simulation,
  type SimulationMode
} from '@cloud-copilot/iam-simulate';
import { IamCollectClient } from '../collect/client.js';
import { type S3AbacOverride } from '../utils/s3Abac.js';
import { type ContextKeys } from './contextKeys.js';

/**
 * The request details for simulating an IAM request.
 *
 * This is the public input shape of {@link simulateRequest}; the fields are passed
 * through to the simulator together with the IAM data held by the collect client.
 */
export interface SimulationRequest {
  /**
   * The ARN of the resource to simulate access to. Can be undefined for wildcard actions.
   */
  resourceArn: string | undefined;

  /**
   * The account ID of the resource, only required if it cannot be determined from the resource ARN.
   */
  resourceAccount: string | undefined;

  /**
   * The action to simulate; must be a valid IAM service and action such as `s3:ListBucket`.
   */
  action: string;

  /**
   * The ARN of the principal to simulate. Can be a user, role, session, or AWS service.
   */
  principal: string;

  /**
   * Any custom context keys to use for the simulation.
   */
  customContextKeys: ContextKeys;

  /**
   * The simulation mode to use for the request.
   */
  simulationMode: SimulationMode;

  /**
   * Whether to ignore missing principal errors.
   *
   * NOTE(review): when set, a simulation against a principal that is absent from the collected
   * data does not surface as an error; callers should be aware the result then reflects an
   * unknown principal rather than a real one — confirm the exact behavior in the implementation.
   */
  ignoreMissingPrincipal?: boolean;

  /**
   * Override for S3 ABAC settings for the simulation.
   */
  s3AbacOverride?: S3AbacOverride;

  /**
   * The session policy to use for the simulation, if the principal type supports it.
   *
   * NOTE(review): this field is typed as `any`, so the compiler cannot catch a malformed or
   * mis-shaped policy document here; callers should validate the document before passing it.
   * Narrowing the type (e.g. to `unknown` or an explicit policy-document type) would change this
   * public declaration for consumers, so it is left unchanged in this review.
   */
  sessionPolicy?: any;

  /**
   * Additional strict context keys to include for the simulation. These will be added to the default strict context keys.
   */
  additionalStrictContextKeys?: string[];
}

/**
 * The result of a simulation request, containing the original request and the simulation result.
 */
export interface SimulateRequestResult {
  /**
   * The simulation request that was evaluated.
   */
  request: Simulation['request'];

  /**
   * The result of the simulation, which may be an error, a single result, or a wildcard result.
   * Callers must inspect the variant rather than assume a single evaluation result.
   */
  result: RunSimulationResults;
}

/**
 * Simulate an IAM request against the collected IAM data.
 *
 * @param simulationRequest the simulation request details.
 * @param collectClient the IAM collect client to use for data access.
 * @returns the simulation result, including the request and the evaluation result.
 */
export declare function simulateRequest(
  simulationRequest: SimulationRequest,
  collectClient: IamCollectClient
): Promise<SimulateRequestResult>;

/**
 * Check whether an evaluation result satisfies an expected outcome.
 *
 * @param expected the expected outcome: a specific `EvaluationResult`, the special value
 *   `'AnyDeny'` (presumably matching any denying result — confirm against the implementation),
 *   or `undefined` (presumably "no expectation"; confirm whether that matches every result).
 * @param result the actual evaluation result to compare against the expectation.
 * @returns `true` when `result` satisfies `expected`, `false` otherwise.
 */
export declare function resultMatchesExpectation(
  expected: EvaluationResult | 'AnyDeny' | undefined,
  result: EvaluationResult
): boolean;
//# sourceMappingURL=simulate.d.ts.map